Lucene search

K
cve[email protected]CVE-2016-3951
HistoryMay 02, 2016 - 10:59 a.m.

CVE-2016-3951

2016-05-0210:59:41
web.nvd.nist.gov
84
cve-2016-3951
linux kernel
drivers/net/usb
cdc_ncm.c
usb descriptor
denial of service

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

73.3%

Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.

Affected configurations

NVD
Node
canonicalubuntu_linuxMatch12.04lts
OR
canonicalubuntu_linuxMatch14.04lts
OR
canonicalubuntu_linuxMatch15.10
Node
novellsuse_linux_enterprise_software_development_kitMatch12.0sp1
OR
susesuse_linux_enterprise_software_development_kitMatch12.0
OR
novellsuse_linux_enterprise_desktopMatch12
OR
novellsuse_linux_enterprise_desktopMatch12sp1
OR
novellsuse_linux_enterprise_live_patchingMatch12.0
OR
novellsuse_linux_enterprise_module_for_public_cloudMatch12
OR
novellsuse_linux_enterprise_real_time_extensionMatch12sp1
OR
novellsuse_linux_enterprise_serverMatch12.0
OR
novellsuse_linux_enterprise_serverMatch12.0sp1
OR
novellsuse_linux_enterprise_workstation_extensionMatch12.0
OR
novellsuse_linux_enterprise_workstation_extensionMatch12.0sp1
Node
linuxlinux_kernelMatch4.5.0rc7
VendorProductVersionCPE
canonicalubuntu_linux14.04cpe:/o:canonical:ubuntu_linux:14.04::lts:
canonicalubuntu_linux15.10cpe:/o:canonical:ubuntu_linux:15.10:::
canonicalubuntu_linux12.04cpe:/o:canonical:ubuntu_linux:12.04::lts:

References

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

73.3%